diff --git a/machines/loc1xe/setup.sh b/machines/loc1xe/setup.sh
index 539f979..a3616d4 100755
--- a/machines/loc1xe/setup.sh
+++ b/machines/loc1xe/setup.sh
@@ -14,3 +14,18 @@ ip link set dev wifi up
 ip route add default via 192.168.0.1 dev wifi
 
 wireguard wg1 ./machines/$mach/wg1.conf 2a01:4f8:c0c:36b8:ff01:8000:10:f03/108
+
+# Netns for running public VMs
+vm_netns="./state/$mach/vm_netns"
+touch "$vm_netns"
+unshare --net="$vm_netns" /bin/true
+ip link add name wg-vms type wireguard
+wg setconf wg-vms ./machines/$mach/wg-vms.conf
+ip link set wg-vms netns "$vm_netns"
+nsenter --net="$vm_netns" ip link set wg-vms up
+nsenter --net="$vm_netns" ip route add 2a01:4f8:c0c:36b8:ff01:8000:0:0001/128 dev wg-vms onlink
+nsenter --net="$vm_netns" ip route add default via 2a01:4f8:c0c:36b8:ff01:8000:0:0001 dev wg-vms
+nsenter --net="$vm_netns" sysctl net.ipv6.conf.all.forwarding=1
+
+
+#nsenter --net="$vm_netns" ip route add 2a01:4f8:c0c:36b8:ff01:8000:0:0001/128 dev wg-vms onlink